
<?php
require_once __DIR__ . '/config.php';

function db(): PDO {
    global $pdo;
    return $pdo;
}

function h($s) {
    return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
}

function get_user_by_username(string $username) {
    $stmt = db()->prepare("SELECT * FROM account_web WHERE Account = ? LIMIT 1");
    $stmt->execute([$username]);
    $row = $stmt->fetch();
    if ($row) {
        $row['total_topup'] = (int)($row['TienThat'] ?? 0);
    }
    return $row ?: null;
}

function get_user_by_id(int $id) {
    $stmt = db()->prepare("SELECT * FROM account_web WHERE ID = ? LIMIT 1");
    $stmt->execute([$id]);
    $row = $stmt->fetch();
    if ($row) {
        $row['total_topup'] = (int)($row['TienThat'] ?? 0);
    }
    return $row ?: null;
}

function create_user(string $username, string $password, string $email = null, string $phone = null, ?string &$msg = null): bool {
    if (get_user_by_username($username)) {
        $msg = 'Tài khoản đã tồn tại.';
        return false;
    }
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $now  = date('Y-m-d H:i:s');
    $ip   = $_SERVER['REMOTE_ADDR'] ?? '';

    $sql = "INSERT INTO account_web 
            (Account, Password, Email, Phone, Money, NapDau, TienThat, NganPhieu, MaxLevel, RoleCount, Timer_Creat, IP_Reg, Block, Spin)
            VALUES
            (:Account, :Password, :Email, :Phone, 0, 0, 0, 0, 1, 1, :Timer_Creat, :IP_Reg, 0, 0)";
    $stmt = db()->prepare($sql);
    $stmt->execute([
        ':Account'     => $username,
        ':Password'    => $hash,
        ':Email'       => $email,
        ':Phone'       => $phone,
        ':Timer_Creat' => $now,
        ':IP_Reg'      => $ip,
    ]);
    $msg = 'Đăng ký tài khoản thành công.';
    return true;
}

function check_login(string $username, string $password, ?string &$msg = null) {
    $user = get_user_by_username($username);
    if (!$user) {
        $msg = 'Sai tài khoản hoặc mật khẩu.';
        return null;
    }
    if (!empty($user['Block'])) {
        $msg = 'Tài khoản đã bị khóa.';
        return null;
    }
    if (!password_verify($password, $user['Password'])) {
        $msg = 'Sai tài khoản hoặc mật khẩu.';
        return null;
    }
    return $user;
}

function login_user(array $user) {
    $_SESSION['user_id'] = (int)$user['ID'];
    $_SESSION['UserName'] = (string)$user['Account'];
}

function logout_user() {
    unset($_SESSION['user_id']);
    unset($_SESSION['UserName']);
}

function is_logged_in(): bool {
    return !empty($_SESSION['user_id']);
}

function current_user() {
    if (empty($_SESSION['user_id'])) return null;
    return get_user_by_id((int)$_SESSION['user_id']);
}

function require_login() {
    if (!is_logged_in()) {
        header('Location: /');
        exit;
    }
}

function getListServerHTML(): string {
    $servers = [
        ['id' => 1, 'name' => 'S1 - Thiên Long'],
        ['id' => 2, 'name' => 'S2 - Địa Long'],
    ];
    $html = '';
    foreach ($servers as $s) {
        $html .= '<option value="'.(int)$s['id'].'">'.h($s['name']).'</option>';
    }
    return $html;
}

function get_mocnap_boxes(): array {
    $stmt = db()->query("SELECT * FROM box_mocnap ORDER BY MoneyBox ASC");
    return $stmt->fetchAll();
}

function get_user_claimed_boxes(string $username): array {
    $stmt = db()->prepare("SELECT BOXID FROM box_mocnap_logs WHERE UserName=?");
    $stmt->execute([$username]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    return array_map('intval', $rows);
}

function get_items_by_boxes(array $boxIds): array {
    if (!$boxIds) return [];
    $placeholders = implode(',', array_fill(0, count($boxIds), '?'));
    $stmt = db()->prepare("SELECT * FROM box_mocnap_item WHERE BoxID IN ($placeholders) ORDER BY BoxID ASC, ID ASC");
    foreach ($boxIds as $i => $bid) {
        $stmt->bindValue($i + 1, (int)$bid, PDO::PARAM_INT);
    }
    $stmt->execute();
    $rows = $stmt->fetchAll();
    $map = [];
    foreach ($rows as $r) {
        $bid = (int)$r['BoxID'];
        if (!isset($map[$bid])) $map[$bid] = [];
        $map[$bid][] = [
            'name'  => $r['NameBoxItem'] ?? ('ItemID '.$r['Item']),
            'count' => (int)($r['CountBoxItem'] ?? 1),
        ];
    }
    return $map;
}

function claim_mocnap_box(int $userId, int $boxId, ?string &$msg = null, int $serverId = 0, int $playerId = 0): bool {
    $user = get_user_by_id($userId);
    if (!$user) {
        $msg = 'Không tìm thấy tài khoản.';
        return false;
    }
    $username   = $user['Account'];
    $totalTopup = (int)($user['TienThat'] ?? 0);

    $stmt = db()->prepare("SELECT * FROM box_mocnap WHERE ID=? LIMIT 1");
    $stmt->execute([$boxId]);
    $box = $stmt->fetch();
    if (!$box) {
        $msg = 'Mốc nạp không tồn tại.';
        return false;
    }
    $needMoney = (int)$box['MoneyBox'];
    if ($totalTopup < $needMoney) {
        $msg = 'Bạn chưa đủ điều kiện để nhận mốc này.';
        return false;
    }

    $stmt = db()->prepare("SELECT ID FROM box_mocnap_logs WHERE UserName=? AND BOXID=? LIMIT 1");
    $stmt->execute([$username, $box['BoxID']]);
    if ($stmt->fetch()) {
        $msg = 'Bạn đã nhận mốc này rồi.';
        return false;
    }

    $sql = "INSERT INTO box_mocnap_logs
            (UserName, Server, PlayerID, BOXID, Week, Month, Year, Messager, Timer)
            VALUES
            (:UserName, :Server, :PlayerID, :BOXID, :Week, :Month, :Year, :Messager, :Timer)";
    $stmt = db()->prepare($sql);
    $stmt->execute([
        ':UserName' => $username,
        ':Server'   => $serverId,
        ':PlayerID' => $playerId,
        ':BOXID'    => $box['BoxID'],
        ':Week'     => date('W'),
        ':Month'    => date('n'),
        ':Year'     => date('Y'),
        ':Messager' => 'Nhận quà mốc nạp qua Web',
        ':Timer'    => time(),
    ]);

    $msg = 'Nhận quà mốc nạp thành công. Hệ thống game sẽ tự xử lý.';
    return true;
}
?>